Re: [w3ctag/design-reviews] Window Controls Overlay for Installed Desktop Web Apps (#481)

Hi @amandabaker - we're just discussing in the TAG "f2f" today and it seems to me that some potential privacy issues are not being taken into account. Specifically:

The point of PWAs is to have app-like experiences that have the same safety guarantees as the rest of the web - so if we're allowing developers to write arbitrary stuff into trusted UI then this can be a problem. It does not seem like there are sufficient mitigations. For example, a PWA could write confusing or misleading UI elements into the title bar in order to trick the user into disclosing private information (e.g. a phishing attack making it look like their bank and taking their username and password).

Yes, we're talking about web apps that are installed but I'm also concerned that the web app could be installed under false pretences - where the user's trust is gamed by a web site or malicious advert for example, or via a URL they receive by text message or otherwise out of band...

It feels to me like this needs to be in the Privacy section and some mitigations need to be discussed here?

-- 
Reply to this email directly or view it on GitHub:
https://github.com/w3ctag/design-reviews/issues/481#issuecomment-696571255

Received on Tuesday, 22 September 2020 08:06:05 UTC